| Vulnerability Name: | CVE-2012-1149 (CCN-75692) | ||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2012-05-16 | ||||||||||||||||||||||||||||||||||||||||
| Published: | 2012-05-16 | ||||||||||||||||||||||||||||||||||||||||
| Updated: | 2023-02-13 | ||||||||||||||||||||||||||||||||||||||||
| Summary: | Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow. | ||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-122 | ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||||||
| References: | Source: secalert@redhat.com Type: Broken Link secalert@redhat.com Source: MITRE Type: CNA CVE-2012-1149 Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com Source: CCN Type: RHSA-2012-0705 Important: openoffice.org security update Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com Source: CCN Type: SA46992 OpenOffice.org Two Vulnerabilities Source: CCN Type: SA47244 LibreOffice vclmi.dll Integer Overflow Vulnerability Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Patch, Third Party Advisory, VDB Entry secalert@redhat.com Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com Source: DEBIAN Type: DSA-2473 openoffice.org -- buffer overflow Source: DEBIAN Type: DSA-2487 openoffice.org -- buffer overflow Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com Source: CCN Type: libreoffice Web Site CVE-2012-1149 Integer overflows in graphic object loading Source: secalert@redhat.com Type: Vendor Advisory secalert@redhat.com Source: secalert@redhat.com Type: Broken Link secalert@redhat.com Source: secalert@redhat.com Type: Broken Link secalert@redhat.com Source: CCN Type: Open Office Web Site OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com Source: CCN Type: OSVDB ID: 81988 OpenOffice.org (OOo) vclmi.dll Module Embedded Image DOC File Handling Remote Overflow Source: CCN Type: BID-53570 OpenOffice Prior to 3.4 Multiple Memory Corruption Vulnerabilities Source: secalert@redhat.com Type: Third Party Advisory, VDB Entry secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: XF Type: UNKNOWN openoffice-vclmi-bo(75692) | ||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||